botmaster
11-03-2008, 07:02 PM
Is this sort of thing possible?
Let's just, for sake of assumption, say you have a hugeass botnet under control (200k systems and growing...). Would it be possible to create a worm that is actually an antivirus that fortifies the OS of the botnet's zombies and upload it to them?
For example, let's say one of the zombies is a winXP computer running no other security programs, no windows updates and has a user that is completely ignorant. By "accidentally" downloading and installing the antivirus worm, his computer is constantly being virus scanned in the background with a maximum cpu and memory usage of 5%, and his system periodically connects to several peers in the botnet to check for updates and patches for new exploits. So it has the features of a rootkit (hides itself), but it's not really a rootkit because it's not doing any harm to the system besides cleaning it up and securing it.
I don't know if this is possible (would be a large amount of coding, especially for the p2p update system crypto), but I just want your input on this. I know it's not legal and all that, but we're speaking hypothetically here.